# this config needs haproxy-1.1.28 or haproxy-1.2.1 global log 127.0.0.1 local0 warning # Set this to 4096 + 16384 # 16384 for the fedmsg gateway and 4096 for everybody else. maxconn 20480 chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 stats socket /var/run/haproxy-admin level admin user root group root mode 0660 #debug #quiet defaults log global mode http option httplog option dontlognull option httpclose option redispatch retries 3 maxconn 5000 timeout connect 5s timeout client 500s timeout server 500s errorfile 503 /etc/haproxy/503.http frontend stats-frontend bind 0.0.0.0:8080 default_backend stats-backend backend stats-backend balance hdr(appserver) stats enable stats uri / frontend fp-wiki-frontend bind 0.0.0.0:10001 default_backend fp-wiki-backend backend fp-wiki-backend balance hdr(appserver) server wiki01 wiki01:80 check inter 15s rise 2 fall 5 {% if env == "production" %} server wiki02 wiki02:80 check inter 15s rise 2 fall 5 {% endif %} option httpchk GET /wiki/Main_Page frontend mirror-lists-frontend bind 0.0.0.0:10002 default_backend mirror-lists-backend backend mirror-lists-backend balance hdr(appserver) timeout connect 30s server mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100 option httpchk GET /mirrorlist option allbackups frontend pkgdb-frontend bind 0.0.0.0:10003 default_backend pkgdb-backend backend pkgdb-backend balance hdr(appserver) server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3 {% if env == "production" %} server pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3 {% endif %} option httpchk GET /pkgdb/collections/ frontend fas-frontend bind 0.0.0.0:10004 default_backend fas-backend backend fas-backend # These values are set extremely low so any issues are recovered from very # quickly. Setting these higher will cause odd behavior in apps that # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas01 fas01:80 check inter 5s rise 1 fall 2 {% if env == "production" %} server fas02 fas02:80 check inter 5s rise 1 fall 2 server fas03 fas03:80 check inter 5s rise 1 fall 2 {% endif %} option httpchk GET /accounts/ frontend voting-frontend bind 0.0.0.0:10007 default_backend voting-backend backend voting-backend balance hdr(appserver) server elections01 elections01:80 check inter 10s rise 2 fall 4 {% if env == "production" %} server elections02 elections02:80 check inter 10s rise 2 fall 4 {% endif %} option httpchk GET /voting/ frontend mirrormanager-frontend bind 0.0.0.0:10008 default_backend mirrormanager-backend backend mirrormanager-backend balance hdr(appserver) server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server mm-frontend02 mm-frontend02:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /mirrormanager/static/mirrormanager2.css frontend bodhi2-frontend bind 0.0.0.0:10010 default_backend bodhi2-backend backend bodhi2-backend balance hdr(appserver) {% if env == "production" %} server bodhi03 bodhi03:80 check inter 20s rise 2 fall 3 server bodhi04 bodhi04:80 check inter 20s rise 2 fall 3 {% else %} server bodhi01 bodhi01:80 check inter 20s rise 2 fall 3 {% endif %} option httpchk GET / frontend freemedia-frontend bind 0.0.0.0:10011 default_backend freemedia-backend backend freemedia-backend balance hdr(appserver) server sundries01 sundries01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries01:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /freemedia/FreeMedia-form.html frontend packages-frontend bind 0.0.0.0:10016 default_backend packages-backend backend packages-backend balance hdr(appserver) server packages03 packages03:80 check inter 5s rise 2 fall 3 {% if env == "production" %} server packages04 packages04:80 check inter 5s rise 2 fall 3 {% endif %} option httpchk GET /packages/_heartbeat frontend tagger-frontend bind 0.0.0.0:10017 default_backend tagger-backend backend tagger-backend balance hdr(appserver) server tagger01 tagger01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server tagger02 tagger02:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /tagger/_heartbeat frontend totpcgiprovision-frontend bind 0.0.0.0:10019 default_backend totpcgiprovision-backend backend totpcgiprovision-backend balance hdr(appserver) http-check expect status 401 server fas01 fas01:8444 check inter 5s rise 1 fall 2 {% if env == "production" %} server fas02 fas02:8444 check inter 5s rise 1 fall 2 server fas03 fas03:8444 check inter 5s rise 1 fall 2 {% endif %} option httpchk GET /index.cgi frontend ipsilon-frontend bind 0.0.0.0:10020 default_backend ipsilon-backend backend ipsilon-backend balance hdr(appserver) server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / frontend askbot-frontend bind 0.0.0.0:10021 default_backend askbot-backend backend askbot-backend balance hdr(appserver) server ask01 ask01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server ask02 ask02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /questions/ frontend blockerbugs-frontend bind 0.0.0.0:10022 default_backend blockerbugs-backend backend blockerbugs-backend balance hdr(appserver) server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /blockerbugs frontend fedocal-frontend bind 0.0.0.0:10023 default_backend fedocal-backend backend fedocal-backend balance hdr(appserver) server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server fedocal02 fedocal02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /calendar frontend hubs-frontend bind 0.0.0.0:10068 default_backend hubs-backend backend hubs-backend balance hdr(appserver) {% if env != "production" %} server hubs01 hubs01:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / # IMPORTANT: 10023-10026 will NOT work because of selinux policies frontend datagrepper-frontend bind 0.0.0.0:10028 default_backend datagrepper-backend backend datagrepper-backend balance hdr(appserver) server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /datagrepper/reference/ frontend geoip-city-frontend bind 0.0.0.0:10029 default_backend geoip-city-backend backend geoip-city-backend balance hdr(appserver) server sundries01 sundries01:80 check inter 30s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries02:80 check inter 30s rise 2 fall 3 {% endif %} option httpchk GET /city?ip=18.0.0.1 # IMPORTANT: 10031 will NOT work because of selinux policies frontend badges-frontend bind 0.0.0.0:10032 default_backend badges-backend backend badges-backend balance hdr(appserver) server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server badges-web02 badges-web02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /heartbeat frontend nuancier-frontend bind 0.0.0.0:10035 default_backend nuancier-backend backend nuancier-backend balance hdr(appserver) server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2 server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2 option httpchk GET /nuancier/ frontend notifs-web-frontend bind 0.0.0.0:10036 default_backend notifs-web-backend backend notifs-web-backend balance hdr(appserver) server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2 server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /notifications/_heartbeat frontend github2fedmsg-frontend bind 0.0.0.0:10037 default_backend github2fedmsg-backend backend github2fedmsg-backend balance hdr(appserver) server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2 option httpchk GET /github2fedmsg/ frontend kerneltest-frontend bind 0.0.0.0:10038 default_backend kerneltest-backend backend kerneltest-backend balance hdr(appserver) server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2 option httpchk GET /kerneltest frontend koschei-frontend bind 0.0.0.0:10040 default_backend koschei-backend backend koschei-backend balance hdr(appserver) server koschei-web01 koschei-web01:80 check inter 10s rise 1 fall 2 server koschei-web02 koschei-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /koschei/ frontend autocloud-frontend bind 0.0.0.0:10041 default_backend autocloud-backend backend autocloud-backend balance hdr(appserver) server autocloud-web01 autocloud-web01:80 check inter 10s rise 1 fall 2 server autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /autocloud/ frontend statscache-frontend bind 0.0.0.0:10042 default_backend statscache-backend backend statscache-backend balance hdr(appserver) server statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2 server statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /statscache/ frontend mdapi-frontend bind 0.0.0.0:10043 default_backend mdapi-backend backend mdapi-backend balance hdr(appserver) server mdapi01 mdapi01:8080 check inter 10s rise 1 fall 2 option httpchk GET /mdapi frontend openqa-frontend bind 0.0.0.0:10044 default_backend openqa-backend backend openqa-backend balance hdr(appserver) {% if env == "production" %} server openqa01 openqa01:80 check inter 10s rise 1 fall 2 {% else %} server openqa-stg01.qa.fedoraproject.org openqa-stg01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /api/v1/job_groups/1 frontend pdc-frontend bind 0.0.0.0:10045 default_backend pdc-backend backend pdc-backend balance hdr(appserver) {% if env != "staging" %} # Set session persistence with a cookie. # https://jdennis.fedorapeople.org/doc/rhsso-tripleo-federation/html/rhsso-tripleo-federation.html#step-18-use-proxy-persistence-for-keystone-on-each-controller cookie SERVERID insert indirect nocache {% endif %} server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 cookie pdc-web01 {% if env != "staging" %} server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 cookie pdc-web02 {% endif %} option httpchk GET /rest_api/v1/ timeout server 3600000 timeout connect 3600000 frontend zanata2fedmsg-frontend bind 0.0.0.0:10046 default_backend zanata2fedmsg-backend backend zanata2fedmsg-backend balance hdr(appserver) server zanata2fedmsg01 zanata2fedmsg01:80 check inter 10s rise 1 fall 2 frontend osbs-frontend bind 0.0.0.0:10047 default_backend osbs-backend backend osbs-backend balance hdr(appserver) server osbs-master01 osbs-master01:8443 check inter 10s rise 1 fall 2 check ssl verify none # This is silly, but basically, stg has registry01/02, prod has registry02/03 frontend docker-registry-frontend bind 0.0.0.0:10048 default_backend docker-registry-backend backend docker-registry-backend balance hdr(appserver) {% if env == "staging" %} server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2 {% endif %} server docker-registry02 docker-registry02:5000 check inter 10s rise 1 fall 2 {% if env == "production" %} server docker-registry03 docker-registry03:5000 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} frontend retrace-frontend bind 0.0.0.0:10049 default_backend retrace-backend backend retrace-backend balance hdr(appserver) server retrace02.qa.fedoraproject.org retrace02.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} frontend faf-frontend bind 0.0.0.0:10050 default_backend faf-backend backend faf-backend balance hdr(appserver) server faf01 faf01:80 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} frontend pps-frontend bind 0.0.0.0:10051 default_backend pps-backend backend pps-backend balance hdr(appserver) server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2 option httpchk GET /pps {% endif %} {% if env == "staging" %} frontend fas3-frontend bind 0.0.0.0:10052 default_backend fas3-backend backend fas3-backend # These values are set extremely low so any issues are recovered from very # quickly. Setting these higher will cause odd behavior in apps that # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas3-01.stg fas3-01.stg:80 check inter 5s rise 1 fall 2 option httpchk GET /fas3/ {% endif %} frontend ipa-frontend bind 0.0.0.0:10053 default_backend ipa-backend backend ipa-backend balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem {% if env != "staging" %} server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup {% endif %} option httpchk GET /ipa/ui/ frontend krb5-frontend mode tcp bind 0.0.0.0:1088 default_backend krb5-backend backend krb5-backend mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server ipa01 ipa01:88 weight 1 maxconn 16384 {% if env == "production" %} # server ipa02 ipa02:88 weight 1 maxconn 16384 {% endif %} frontend docker-candidate-registry-frontend bind 0.0.0.0:10054 default_backend docker-candidate-registry-backend backend docker-candidate-registry-backend balance hdr(appserver) server docker-candidate-registry01 docker-candidate-registry01:5000 check inter 10s rise 1 fall 2 frontend modernpaste-frontend bind 0.0.0.0:10055 default_backend modernpaste-backend backend modernpaste-backend balance hdr(appserver) server modernpaste01 modernpaste01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server modernpaste02 modernpaste02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / {% if 'phx2' in inventory_hostname %} frontend koji-frontend bind 0.0.0.0:10056 default_backend koji-backend backend koji-backend # This needs to be massive due to koji's completeBuild with texlive (https://pagure.io/koji/issue/259) timeout server 3h balance hdr(appserver) server koji01 koji01:80 check inter 10s rise 1 fall 2 option httpchk GET / # Only enable this on phx2 proxies frontend src-frontend bind 0.0.0.0:10057 default_backend src-backend backend src-backend balance hdr(appserver) {% if env == "staging" %} server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2 {% else %} server pkgs02 pkgs02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / {% endif %} {% if env == "production" and 'phx2' in inventory_hostname %} frontend ppckoji-frontend bind 0.0.0.0:10058 default_backend ppckoji-backend backend ppckoji-backend balance hdr(appserver) server ppc-koji01.ppc.fedoraproject.org ppc-koji01.ppc.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / frontend s390koji-frontend bind 0.0.0.0:10059 default_backend s390koji-backend backend s390koji-backend balance hdr(appserver) server s390-koji01.s390.fedoraproject.org s390-koji01.s390.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / frontend armkoji-frontend bind 0.0.0.0:10060 default_backend armkoji-backend backend armkoji-backend balance hdr(appserver) server arm-koji01.qa.fedoraproject.org arm-koji01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / {% endif %} # This is an endpoint using only ipa01. This is used for API access, since sessions # are not synchronized. frontend ipa01-frontend bind 0.0.0.0:10061 default_backend ipa01-backend backend ipa01-backend balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem option httpchk GET /ipa/ui/ {% if env == "production" and 'phx2' in inventory_hostname %} frontend kojipkgs-frontend bind 0.0.0.0:10062 default_backend kojipkgs-backend backend kojipkgs-backend balance hdr(appserver) server kojipkgs01.phx2.fedoraproject.org kojipkgs01.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2 server kojipkgs02.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / {% endif %} frontend mbs-frontend bind 0.0.0.0:10063 default_backend mbs-backend backend mbs-backend balance hdr(appserver) server mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3 server mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3 option httpchk GET /module-build-service/1/module-builds/ frontend os-master-frontend bind 0.0.0.0:10064 default_backend os-master-backend backend os-master-backend balance hdr(appserver) server os-master01 os-master01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem server os-master02 os-master02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem server os-master03 os-master02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem option httpchk GET / frontend os-nodes-frontend bind 0.0.0.0:10065 default_backend os-nodes-backend backend os-nodes-backend balance hdr(appserver) server os-node01 os-node01:443 check inter 10s rise 1 fall 2 ssl verify none server os-node02 os-node02:443 check inter 10s rise 1 fall 2 ssl verify none option httpchk GET / http-check expect status 503 frontend odcs-frontend bind 0.0.0.0:10066 default_backend odcs-backend backend odcs-backend balance hdr(appserver) server odcs-frontend01 odcs-frontend01:80 check inter 20s rise 2 fall 3 option httpchk GET /api/1/composes/ frontend freshmaker-frontend bind 0.0.0.0:10067 default_backend freshmaker-backend backend freshmaker-backend balance hdr(appserver) server freshmaker-frontend01 freshmaker-frontend01:80 check inter 20s rise 2 fall 3 option httpchk GET /api/1/builds/ # Apache doesn't handle the initial connection here like the other proxy # entries. This proxy also doesn't use the http mode like the others. # stunnel should be sitting on port 9939 (public) and redirecting # connections from there to here, port 9938. This then proxies to the # fedmsg-hub's websocket server on busgateway01, port 9919. frontend fedmsg-websockets-frontend mode tcp bind 0.0.0.0:9938 default_backend fedmsg-websockets-backend backend fedmsg-websockets-backend mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9919 weight 1 maxconn 16384 # This, unlike the websockets entry just above, is listening directly to the # outside world with no stunnel inbetween. # Simply redirect tcp connections to a local fedmsg-gateway slave. It should be # forwarding messages from the master gateway on busgateway01. frontend fedmsg-raw-zmq-outbound-frontend mode tcp bind 0.0.0.0:9940 default_backend fedmsg-raw-zmq-outbound-backend backend fedmsg-raw-zmq-outbound-backend mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server localhost localhost:9942 weight 1 maxconn 16384 # While the above fedmsg-raw-zmq-outbound forwards incoming connections to an # instance of the "fedmsg-gateway" daemon (which pushes internal messages out), # this entry forwards incoming connections to a secondary instance of the # "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We # have a primary instance of fedmsg-relay running on app01 for most internal # use. Here we forward to a secondary one on busgateway01. frontend fedmsg-raw-zmq-inbound-frontend mode tcp bind 0.0.0.0:9941 default_backend fedmsg-raw-zmq-inbound-backend backend fedmsg-raw-zmq-inbound-backend mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9941 weight 1 maxconn 16384